Server-Side Application and Data Management IT IS 3105 (Spring 2010) Lecture 23 Cookies, Sessions, FTP and Email
Cookies
Cookies What are they? Cookies reside on a particular client Cookies are, according to Netscape, "a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection." Cookies reside on a particular client By browser This means I.E. has a different store for cookies than FireFox, etc.
Setting Cookies
To set a cookie: Notes: Name is required Rest are optional bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] ) Notes: Name is required Rest are optional Must be set before any HTML tags
Setting a Cookie Example <?php setcookie("message1", "Hello"); setcookie("message2", "there."); ?> <html> <head><title>Setting cookies></head> <body> <h1>A cookie has be set by PHP when creating this page</h1> <h2>The whole cookie is:</h2> <script> document.write(document.cookie) </script> </body> </html> Ch9/C9SetCookie.php
Getting Cookies
Cookie values kept in the global array: $_COOKIE Retrieve with traditional array functions echo $_COOKIE[‘cookie_name’];
Setting and Getting a Cookie <?php setcookie("message1", "Hello"); setcookie("message2", “again."); ?> <html> <head><title>Setting cookies></head> <body> <h1>A cookie has be set by PHP when creating this page</h1> <h2>Cookie has been set, click on link to view</h2> <a href="C9GetCookieGet.php">C9GetCookieGet.php</a> </body> </html> Ch9/C9SetCookie.php <html> <head><title>Getting cookies></head> <body> <h1>A cookie has be set by another web page</h1> <h2>Getting the Cookies:</h2> The cookies are: <?php if (isset($_COOKIE['message1'])) { echo "First cookie:" . $_COOKIE['message1']; } if (isset($_COOKIE['message2'])) echo "Second cookie:" . $_COOKIE['message2']; ?> </body> </html> Ch9/C9GetCookie.php
Setting Cookies Expiration Time
Expiring Cookies Cookies naturally expire after browser is exited bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] ) Cookies naturally expire after browser is exited ALL cookies for that browser! Can set a time for it to expire Time in seconds since Jan 1, 1970 Note: Javascipt uses milliseconds since 1/1/1970 Use time() to get the current time Add the “delay” to get the desired expiration
Cookie Expire Example: <?php setcookie("message1", "Hello"); setcookie("message2", "there.", time()+60); ?> <html> <head><title>Setting cookies></head> <body> <h1>A cookie has be set by PHP when creating this page</h1> <h2>The whole cookie is:</h2> <script> document.write(document.cookie) </script> <h3>message1 has no expiration</h3> <h3>message2 expires in 1 minute</h3> </body> </html> Ch9/C9CookieExpire1min.php
Deleting Cookies
Set the value to the null string (“”); bool setcookie ( string $name , string “” , int $expire = -1) Set the value to the null string (“”); Set the expire date to a negative time Triggers the browsers expiration function
Sessions
Sessions Information is kept on the server Information maintained from web page to web page Data kept and retrieved by name Session IDs can be kept in a cookie On the client Session can be: Cookie based Easier and safer Work with cookies disabled Has some potential for abuse
Storing Session Data
Creating and Using Session Data Creating a SESSION value Must start a session on the server to use it session_start(); For Cookie based sessions: Session must be started before any HTML output Use global array $_SESSION to set value Accessing a SESSION value Must start a session to use it Ditto on starting the session Use global array $_SESSION to retrieve value
Getting and Setting Sessions <?php session_start(); ?> <html> <head><title>Setting sessions</title></head> <body> <h1>Storing Data in Sessions</h1> <h2>Saving course information</h2> $_SESSION['name'] = "Server Side"; $_SESSION['number'] = "3105"; <br>Click on the link to read the session info on the next page:<br> <a href="C9GetSession.php">Go to C9GetSession.php</a> </body> </html> Ch9/C9SetSession.php <?php session_start(); ?> <html> <head><title>Getting session info</title></head> <body> <h1>Retriving Data in Sessions</h1> <h2>Getting course information</h2> <?php // assume the SESSION value is there echo "Name:".$_SESSION['name']; echo "\n<br>\n"; echo "Number:".$_SESSION['number']; <h2>Done</h2> </body> </html> Ch9/C9GetSession.php
Session Dumper <?php session_start(); ?> <html> <head><title>Dump Sessions</title></head> <body> <h1>Show all sessions</h1> print_r($_SESSION); <h2>Done</h2> </body> </html> Ch9/C9DumpSessions.php
Hit Counters
Hit Counters Many offered “free” from the internet To use --- --- or not to use? TANSTAFL!
Hit counters Use a session variable to keep track Check if ever sent If not “create” count set to 0 Else increment count
Hit Counter Track how often a web page is visited Problem 1: Session expires when all instances of the browser is closed How can this problem be fixed? Class discussion… Problem 2: <?php session_start(); ?> <html> <head><title>C9 Counter</title></head> <body> <h1>Example hit counter</h1> if (!isset($_SESSION['mycount'])) { echo "First time here!"; $_SESSION['mycount'] = 0; } else { $_SESSION['mycount']++; } echo "Count:".$_SESSION['mycount']; <h2>Done</h2> </body> </html> Ch9/C9Counter.php
Using Sessions Without Cookies
User blocking cookies? Enable use_trans_sid To use: By default is disabled (0) Set to 1 Set in the php.ini file To use: Set the $_SESSION as before Set PHPSESSID as a hidden input in a form Set the value to the session_id() The form will pass the hidden value to the next page The page can the access the session as before
Warnings Session id can be intercepted by “hackers” Capture the session for their use ITIS4221 teaches safe programming techniques to protect
Removing Data In Sessions
Remove data in Sessions After starting session Use unset unset($_SESSION[“session_id”]);
FTP
FTP File Transfer Protocol Note: FTP is fundamentally unsafe Transfers data from one computer to another Remote machine must have an FTP server running Local machine must have an FTP client running Defaults to port 21 Note: FTP is fundamentally unsafe Login process is “open” Data is “open” Anyone can see Use a secure ftp connection when using ftp_ssl_connect Use to get data from an FTP server The remote machine Not the browser client!
Using FTP
Using FTP Connect Log in Mandatory Optional parameters $connect = ftp_connect($host, $port, $timeout) Mandatory host Optional parameters port The port to use timeout how long before timing out Log in $result = ftp_login($connect, $uid, $pw)
FTP Getting a Directory Listing
Get a remote directory listing Get the remote machines directory listing Request listing for a directory Save in array array ftp_nlist ( resource $ftp_stream , string $directory ) Example dirArray$ = ftp_nlist($connect, “mydir”); Process the array Dump results var_dump($dirArray); Process with code foreach($dirArray as $value) { echo $value, “<br>”;}
FTP Downloading a File
Downloading Brings a file to the host machine bool ftp_get ( resource $ftp_stream , string $local_file , string $remote_file , int $mode [, int $resumepos = 0 ] ) Brings a file to the host machine Required FTP connection name for the file locally Note: can rename using a different name name of the file on the remote how to transer FTP_ASCII FTP_BINARY
FTP Uploading a File
Uploading Sends a file to the remote ftp client bool ftp_put ( resource $ftp_stream , string $remote_file , string $local_file , int $mode [, int $startpos = 0 ] ) Sends a file to the remote ftp client Required FTP connection name for the file locally Note: can rename using a different name name of the file on the remote how to transer FTP_ASCII FTP_BINARY
EMail Can send email from an html page Problems: What to do? <form … action=mailto:addr@url.com …> Problems: Client machine must have a configured email client installed Outlook Outlook Express Thunderbird Eudora What if the user only uses a hosted email service Gmail Yahoo No need for an email client What to do? Use the email client on the php host!
PHP and Email Must enable Email in the php.ini file Note: Windows and *IX version vary
Sending Email
Sending Email Uses the mail client on the server to send mail bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] ) Uses the mail client on the server to send mail
Sending Email with Headers
Headers Extra information cc: bcc: …
Sending Email with Attachments
Attachments Takes some extra work Read the file to attache chunk_split and base64_encode the data from the file Cram the result into the text of the email With instructions of how it is included and encoded